[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Aug 1 09:12:33 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
628927ab by security tracker role at 2023-08-01T08:12:22+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,21 @@
+CVE-2023-4033 (OS Command Injection in GitHub repository mlflow/mlflow prior to 2.6.0 ...)
+ TODO: check
+CVE-2023-3825 (PTC\u2019s KEPServerEX Versions 6.0 to 6.14.263 are vulnerable to bein ...)
+ TODO: check
+CVE-2023-3462 (HashiCorp's Vault and Vault Enterprise are vulnerable to user enumerat ...)
+ TODO: check
+CVE-2023-39122 (BMC Control-M Software v9.0.20.200 was discovered to contain a SQL inj ...)
+ TODO: check
+CVE-2023-37772 (Online Shopping Portal Project v3.1 was discovered to contain a SQL in ...)
+ TODO: check
+CVE-2023-37496 (HCL Verse is susceptible to a Stored Cross Site Scripting (XSS) vulner ...)
+ TODO: check
+CVE-2023-36984 (LavaLite CMS v 9.0.0 is vulnerable to Sensitive Data Exposure.)
+ TODO: check
+CVE-2023-36983 (LavaLite CMS v 9.0.0 is vulnerable to Sensitive Data Exposure.)
+ TODO: check
+CVE-2023-34960 (A command injection vulnerability in the wsConvertPpt component of Cha ...)
+ TODO: check
CVE-2023-4026
REJECTED
CVE-2023-4010 (A flaw was found in the USB Host Controller Driver framework in the Li ...)
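Review bot: two of the new placeholder entries, CVE-2023-36984 and CVE-2023-36983, carry the identical truncated description "LavaLite CMS v 9.0.0 is vulnerable to Sensitive Data Exposure.", so the TODO triage should confirm they are distinct issues rather than a duplicate assignment. Also note that the CVE-2023-37496 text "HCL Verse is susceptible to a Stored Cross Site Scripting (XSS) vulner ..." is the same description this patch removes from CVE-2023-28023 further down, where the entry is already marked "NOT-FOR-US: HCL"; the same resolution most likely applies here and the "TODO: check" could be replaced in the same pass.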
@@ -685,10 +703,12 @@ CVE-2023-32232 (An issue was discovered in Vasion PrinterLogic Client for Window
CVE-2023-32231 (An issue was discovered in Vasion PrinterLogic Client for Windows befo ...)
NOT-FOR-US: Vasion
CVE-2023-38289 [libtiff: potential integer overflow in raw2tiff.c]
+ {DLA-3513-1}
- tiff 4.5.1+git230720-1
NOTE: https://gitlab.com/libtiff/libtiff/-/issues/592
NOTE: https://gitlab.com/libtiff/libtiff/-/commit/6e2dac5f904496d127c92ddc4e56eccfca25c2ee
CVE-2023-38288 [libtiff: integer overflow in tiffcp.c]
+ {DLA-3513-1}
- tiff 4.5.1+git230720-1
NOTE: https://gitlab.com/libtiff/libtiff/-/commit/4fc16f649fa2875d5c388cf2edc295510a247ee5
NOTE: https://gitlab.com/libtiff/libtiff/-/issues/591
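Review bot: CVE-2023-38289 and CVE-2023-38288 gain a {DLA-3513-1} reference but, unlike every other tiff entry touched by this patch, show no [bookworm] or [bullseye] status line beneath "- tiff 4.5.1+git230720-1". If those suites are affected and the issue is being handled as minor, the entries should carry the matching "[bookworm] - tiff <no-dsa> (Minor issue)" / "[bullseye] - tiff <no-dsa> (Minor issue)" lines so the per-suite status is not left implicit.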
@@ -815,7 +835,7 @@ CVE-2023-3611 (An out-of-bounds write vulnerability in the Linux kernel's net/sc
- linux 6.4.4-2
NOTE: https://git.kernel.org/linus/3e337087c3b5805fe0b8a46ba622a962880b5d64 (6.5-rc2)
CVE-2023-3610 (A use-after-free vulnerability in the Linux kernel's netfilter: nf_tab ...)
- {DSA-5461-1}
+ {DSA-5461-1 DLA-3512-1}
- linux 6.3.11-1
[bookworm] - linux 6.1.37-1
[buster] - linux <not-affected> (Vulnerable code not present)
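Review bot: the added DLA-3512-1 reference on CVE-2023-3610 sits above "[buster] - linux <not-affected> (Vulnerable code not present)", which is contradictory as shown: a buster LTS advisory is being recorded for a package the entry says buster does not ship vulnerable code for. If DLA-3512-1 fixed a different buster source package, that package needs its own source line in this entry; otherwise the not-affected marker should be corrected.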
@@ -2161,6 +2181,7 @@ CVE-2023-37943 (Jenkins Active Directory Plugin 2.30 and earlier ignores the "Re
CVE-2023-37942 (Jenkins External Monitor Job Type Plugin 206.v9a_94ff0b_4a_10 and earl ...)
NOT-FOR-US: Jenkins plugin
CVE-2023-3618 (A flaw was found in libtiff. A specially crafted tiff file can lead to ...)
+ {DLA-3513-1}
- tiff 4.5.1~rc3-1 (bug #1040945)
[bookworm] - tiff <no-dsa> (Minor issue)
[bullseye] - tiff <no-dsa> (Minor issue)
@@ -3433,12 +3454,12 @@ CVE-2021-46891 (Vulnerability of incomplete read and write permission verificati
CVE-2021-46890 (Vulnerability of incomplete read and write permission verification in ...)
NOT-FOR-US: Huawei
CVE-2023-35001 (Linux Kernel nftables Out-Of-Bounds Read/Write Vulnerability; nft_byte ...)
- {DSA-5453-1}
+ {DSA-5453-1 DLA-3512-1}
- linux 6.4.4-1
[bookworm] - linux 6.1.38-1
NOTE: https://www.openwall.com/lists/oss-security/2023/07/05/3
CVE-2023-31248 (Linux Kernel nftables Use-After-Free Local Privilege Escalation Vulner ...)
- {DSA-5453-1}
+ {DSA-5453-1 DLA-3512-1}
- linux 6.4.4-1
[bookworm] - linux 6.1.38-1
[buster] - linux <not-affected> (Vulnerable code not present)
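Review bot: same inconsistency on CVE-2023-31248: {DSA-5453-1 DLA-3512-1} is added while the entry keeps "[buster] - linux <not-affected> (Vulnerable code not present)". Either the advisory reference belongs on a separate buster source package line that is missing here, or the buster status is stale and should be updated to match the advisory. CVE-2023-35001 in the same hunk shows no [buster] line at all, so its buster status should be recorded explicitly alongside the DLA reference.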
@@ -4026,7 +4047,7 @@ CVE-2023-3439 (A flaw was found in the MCTP protocol in the Linux kernel. The fu
NOTE: https://git.kernel.org/linus/b561275d633bcd8e0e8055ab86f1a13df75a0269 (5.18-rc5)
NOTE: https://www.openwall.com/lists/oss-security/2023/07/02/1
CVE-2023-3390 (A use-after-free vulnerability was found in the Linux kernel's netfilt ...)
- {DSA-5461-1 DSA-5448-1}
+ {DSA-5461-1 DSA-5448-1 DLA-3512-1}
- linux 6.3.11-1
NOTE: https://git.kernel.org/linus/1240eb93f0616b21c675416516ff3d74798fdc97 (6.4-rc7)
NOTE: https://kernel.dance/#1240eb93f0616b21c675416516ff3d74798fdc97
@@ -4955,6 +4976,7 @@ CVE-2023-3317 (A use-after-free flaw was found in mt7921_check_offload_capabilit
- linux <not-affected> (Vulnerable code never in released version in unstable)
NOTE: https://git.kernel.org/linus/2ceb76f734e37833824b7fab6af17c999eb48d2b (6.3-rc6)
CVE-2023-3316 (A NULL pointer dereference in TIFFClose() is caused by a failure to op ...)
+ {DLA-3513-1}
- tiff 4.5.1~rc3-1
[bookworm] - tiff <no-dsa> (Minor issue)
[bullseye] - tiff <no-dsa> (Minor issue)
@@ -5005,6 +5027,7 @@ CVE-2023-31411 (A remote unprivileged attacker can modify and access configurati
CVE-2023-31410 (A remote unprivileged attacker can intercept the communication via e.g ...)
NOT-FOR-US: SICK
CVE-2023-2908 (A null pointer dereference issue was found in Libtiff's tif_dir.c file ...)
+ {DLA-3513-1}
- tiff 4.5.1~rc3-1
[bookworm] - tiff <no-dsa> (Minor issue)
[bullseye] - tiff <no-dsa> (Minor issue)
@@ -11119,7 +11142,7 @@ CVE-2023-2157 (A heap-based buffer overflow vulnerability was found in the Image
NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/9a9896fce95d09e5e47b86baccbe1ce1a2fca76b (7.1.1-7)
NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick6/commit/7e4c992f148afc5b28111e540921d5b6e4e38673 (6.9.12-85)
CVE-2023-2156 (A flaw was found in the networking subsystem of the Linux kernel withi ...)
- {DSA-5453-1 DSA-5448-1}
+ {DSA-5453-1 DSA-5448-1 DLA-3512-1}
- linux 6.3.11-1
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://www.zerodayinitiative.com/advisories/ZDI-23-547/
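Review bot: CVE-2023-2156 now references DLA-3512-1 directly above "[buster] - linux <not-affected> (Vulnerable code not present)". As with the other kernel entries in this patch, a buster advisory reference and a buster not-affected marker cannot both be right for the same source package; add the source line the DLA actually covers, or revise the buster status.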
@@ -19954,7 +19977,7 @@ CVE-2023-28025
RESERVED
CVE-2023-28024
RESERVED
-CVE-2023-28023 (HCL Verse is susceptible to a Stored Cross Site Scripting (XSS) vulner ...)
+CVE-2023-28023 (A cross site request forgery vulnerability in the BigFix WebUI Softwar ...)
NOT-FOR-US: HCL
CVE-2023-28022
RESERVED
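Review bot: the description swap for CVE-2023-28023 (from HCL Verse stored XSS to a BigFix WebUI CSRF) leaves "NOT-FOR-US: HCL" in place, which is still correct since BigFix is an HCL product, but the triage line was written against the old text, so it is worth a quick re-confirmation. The removed HCL Verse description reappears in this same patch under CVE-2023-37496, which suggests the two records were previously mixed up at the source and the new TODO entry can be resolved to the same NOT-FOR-US marker.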
@@ -23010,6 +23033,7 @@ CVE-2023-26968 (In Atrocore 1.5.25, the Create Import Feed option with glyphicon
CVE-2023-26967
RESERVED
CVE-2023-26966 (libtiff 4.5.0 is vulnerable to Buffer Overflow in uv_encode() when lib ...)
+ {DLA-3513-1}
- tiff 4.5.1~rc3-1
[bookworm] - tiff <no-dsa> (Minor issue)
[bullseye] - tiff <no-dsa> (Minor issue)
@@ -23017,6 +23041,7 @@ CVE-2023-26966 (libtiff 4.5.0 is vulnerable to Buffer Overflow in uv_encode() wh
NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/473
NOTE: https://gitlab.com/libtiff/libtiff/-/commit/b0e1c25dd1d065200c8d8f59ad0afe014861a1b9 (v4.5.1rc1)
CVE-2023-26965 (loadImage() in tools/tiffcrop.c in LibTIFF through 4.5.0 has a heap-ba ...)
+ {DLA-3513-1}
- tiff 4.5.1~rc3-1
[bookworm] - tiff <no-dsa> (Minor issue)
[bullseye] - tiff <no-dsa> (Minor issue)
@@ -25168,8 +25193,8 @@ CVE-2023-26141
RESERVED
CVE-2023-26140
RESERVED
-CVE-2023-26139
- RESERVED
+CVE-2023-26139 (Versions of the package underscore-keypath from 0.0.11 are vulnerable ...)
+ TODO: check
CVE-2023-26138 (All versions of the package drogonframework/drogon are vulnerable to C ...)
NOT-FOR-US: Drogon
CVE-2023-26137 (All versions of the package drogonframework/drogon are vulnerable to H ...)
@@ -27628,6 +27653,7 @@ CVE-2023-25434 (libtiff 4.5.0 is vulnerable to Buffer Overflow via extractContig
NOTE: https://gitlab.com/libtiff/libtiff/-/commit/69818e2f2d246e6631ac2a2da692c3706b849c38 (v4.5.1rc1)
NOTE: Same fix as CVE-2023-0795.
CVE-2023-25433 (libtiff 4.5.0 is vulnerable to Buffer Overflow via /libtiff/tools/tiff ...)
+ {DLA-3513-1}
- tiff 4.5.1~rc3-1
[bookworm] - tiff <no-dsa> (Minor issue)
[bullseye] - tiff <no-dsa> (Minor issue)
@@ -52817,7 +52843,7 @@ CVE-2023-20595
CVE-2023-20594
RESERVED
CVE-2023-20593 (An issue in \u201cZen 2\u201d CPUs, under specific microarchitectural ...)
- {DSA-5462-1 DSA-5461-1 DSA-5459-1 DLA-3511-1 DLA-3508-1}
+ {DSA-5462-1 DSA-5461-1 DSA-5459-1 DLA-3512-1 DLA-3511-1 DLA-3508-1}
- linux 6.4.4-2
- amd64-microcode 3.20230719.1 (bug #1041863)
NOTE: https://www.openwall.com/lists/oss-security/2023/07/24/1
@@ -145858,7 +145884,7 @@ CVE-2021-37388 (A buffer overflow in D-Link DIR-615 C2 3.03WW. The ping_ipaddr p
NOT-FOR-US: D-Link
CVE-2021-37387
RESERVED
-CVE-2021-37386 (Furukawa 423-41W/AC before v1.1.4 and LD421-21W before v1.3.3 were dis ...)
+CVE-2021-37386 (Furukawa Electric LatAm 423-41W/AC before v1.1.4 and LD421-21W before ...)
NOT-FOR-US: Furukawa
CVE-2021-37385
RESERVED
@@ -243751,8 +243777,8 @@ CVE-2020-10964 (Serendipity before 2.3.4 on Windows allows remote attackers to e
- serendipity <removed>
CVE-2020-10963 (FrozenNode Laravel-Administrator through 5.0.12 allows unrestricted fi ...)
NOT-FOR-US: FrozenNode Laravel-Administrator
-CVE-2020-10962
- RESERVED
+CVE-2020-10962 (In PowerShell App Deployment Toolkit (aka PSAppDeployToolkit) through ...)
+ TODO: check
CVE-2020-10961
RESERVED
CVE-2020-10960 (In MediaWiki before 1.34.1, users can add various Cascading Style Shee ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/628927ab169e55947bce49fe27407c3ea3224be2